Do NOT open public issues for security vulnerabilities.

Email: admin@superlocalmemory.com

Include:

• Description of the vulnerability
• Steps to reproduce
• Impact assessment
• Suggested fix (if any)

We will respond within 48 hours and provide a fix timeline within 7 days.

• All data stored at ~/.superlocalmemory/
• Zero cloud API calls during store/recall operations
• No telemetry, analytics, or phone-home code
• SQLite with WAL mode for data integrity

• Optional API key authentication for dashboard/API access
• HMAC-SHA256 timing-safe comparison
• Rate limiting: 30 writes/min, 120 reads/min

• Parameterized SQL queries throughout (no SQL injection)
• XSS protection via escapeHtml() in all UI rendering
• CSRF protection via token-based auth (no cookies)
• Security headers: X-Frame-Options, CSP, X-Content-Type-Options
• CORS whitelist with credential control

• GDPR Article 15 (right to access): full data export
• GDPR Article 17 (right to erasure): complete erasure including learning data
• EU AI Act data sovereignty: Mode A keeps all data local
• Tamper-proof audit trail with SHA-256 hash chain

Run npm audit and pip audit regularly. Report any findings.

Part of Qualixar | Author: Varun Pratap Bhardwaj